Compliance with the requirements of the Bank Secrecy Act and Anti Money Laundering (“BSA/AML”) laws will likely always be a “hot topic” when it comes to the ongoing operation of a financial institution. The fact is that our world is filled with people who are willing to do bad things and who must use financial institutions to move the cash that they receive for their activities. Because financial institutions are the nexus point for most criminal activities the role that compliance plays in BSA/AML enforcement will continue to be large and will likely continue to grow.
Developments in technology, continuing world events, expectations of regulators and political events all come together to impact expectations for BSA/AML compliance. The goal of BSA/AML compliance is to detect activity that is suspicious and does not fit with what one might expect from a particular customer. Why would a flower shop in downtown Los Angeles need to wire money to Serbia (or for that matter Miami)? Of course there may be a legitimate reason for this, but the idea is that your financial institution must have a system in place that allows for such a transaction to be flagged and for staff to document the legitimate reason.
With the basic principle of knowing your customer in mind, there have been recent developments that have or will soon change BSA/AML expectations for your institution. Here are a few recent developments that will impact BSA/AML:
Financial technology, also known as Fintech, is a line of business based on using software to provide financial services. Financial technology companies are generally startups founded with the purpose of disrupting incumbent financial systems and corporations that rely less on software.
Fintech companies have developed many products that allow customers to have many of the same services and abilities as a bank account. Digital wallets for example, allow customers to receive payroll, reload debit cards, payment bills and purchase gift cards among other things. These platforms also allow customers to send wires, ACH’s or other transfers.
The very nature of fintech relationship are often that the customer and the provider are not in physical contact with one another. The identification process is completed through various means such as texts to telephones, IP address verification and scanned copies of documents. The ability of fintech companies to discern fraud and detect unauthorized use of an account has become increasingly adept.
In response to developments in fintech, the FFIEC BSA manual has been updated to include more information about expectations for electronic banking customers. In addition, FFIEC issued Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Cards in March 21, 2016. This guidance defines when the opening on a reloadable card account becomes subject to the CIP rules. The guidance recognizes that with fintech, many times accounts are opened without an actual face-to-face meeting. However, the basic concept remains; the account issuer must be able to establish that the person who is trying to open the account is who they say they are. Developments in fintech will continue to push and change the contours of BSA/AML requirements.
Probably the most talked about impending change in the BSA/AML area are the new rules that cover beneficial ownership. It is our intention to write an entire blog series on these new rules, so we will simply summarize here.
At its core, the beneficial ownership rule requires that when an account is opened for a legal entity, that information must be collected on the persons who either own or control the entity. Both the concepts of “own” and “control” the company are defined in the regulation. The final rule creates a new section in the BSA regulations at 31 C.F.R. § 1010.230 setting forth the beneficial ownership identification requirements for covered financial institutions, as well as a number of exclusions for specific types of customers and accounts. As a result, the beneficial ownership rule is widely being referred to as the “fifth pillar” of the BSA/AML program. The goal of this rule is to allow enforcement agencies such as Fin Cen to be able to track the flow of funds through commonly owned businesses and entities.
This fifth pillar of the BSA/AML program is expected to do more than simply collect information on the beneficial owners of entities. Once the information is collected, the nature of the relationship between the owner and the entity should be considered. The idea here is that the entity should not be a conduit through which an individual can funnel transactions that would otherwise be considered suspicious. The beneficial ownership rule will most definitely add an additional layer of customer due diligence for legal entities.
Geographic Targeting Orders
As the behavior of suspected money launderers continues to change and evolve, so do the tactics employed by the enforcement agencies. One area that Fin Cen has been watching is the practice of money launderers to buy high end real estate for cash. In many cases, the purchases are made through legal entities such as limited liability companies. This is the very type of transaction that made the beneficial ownership rules necessary.
To combat this practice, Fin Cen issues geographically targeted orders (“GTO”) which require title companies to identify all of the individuals involved in shell companies that purchase real estate for all cash. For some time, the GTO’s issued only applied to the Miami and Manhattan areas. In July of 2016, Fin Cen expanded GTO’s to include six metropolitan areas;
• (1) all boroughs of New York City;
• (2) Miami-Dade County and the two counties immediately north (Broward and Palm Beach);
• (3) Los Angeles County, California;
• (4) three counties comprising part of the San Francisco area (San Francisco, San Mateo, and Santa Clara counties);
• (5) San Diego County, California;
• (6) the county that includes San Antonio, Texas (Bexar County)
Although the GTOs apply directly to title companies, the cash purchase of real estate is the type of transaction against which financial institutions must be vigilant.
MSB’s with Agents
Yet another area that will be getting the attention of regulators is the ability of Money Service Businesses (“MSB’s”) to monitor and administrate the agents that they engage. Fin Cen has issued guidance that specifies the BSA/AML standards for MSBs. The guidance focuses on the need to establish standards for monitoring and review and to insist on proper independent testing.
It is not enough to simply test whether or not the data in your BSA/AML software has been properly mapped. You must also determine that the software is doing what the bank needs it to do to monitor suspicious activity.
OCC guidance points out that the use of models in any banking environment must fit within a risk framework. This framework has essentially four elements:
• Business and regulatory alignment – the model must fit the bank’s risk profile and regulatory requirements
• Project management – a proper and appropriate implementation is an ongoing project that is dynamic as the bank’s operation
• Enabling Technology – The use of the technology should facilitate the bank’s ability to meet its regulatory requirements
• Supporting documentation – As a best practice, documentation of the rational for using the model should be maintained.
For BSA/AML, monitoring software, the risk framework means that regulators expect financial institutions to know how its software works as well as the “blind spots” for transactions that may not be completely covered by the way the software operates. The expectations are that your staff will use monitoring software as a tool that is constantly being sharpened and improved. The model validation process is the means to ensure that the software is improving.
BSA and AML programs for financial institutions have to be nimble and flexible as changes in technology, world politics and schemes of people who launder money continue to change.